Unpatched.ai can make mistakes. Public reports may be added, updated, or removed at any time.
Report ID: 2024-236
An improper input validation issue exists in Microsoft Access, specifically MSACCESS.EXE version 16.0.18025.20214 when opening a specially crafted file. By sending a target the file and convincing them to open it, an attacker could unlikely gain Remote Code Execution (RCE) on the target's computer due to the unpatched issue. However, even if RCE isn't achieved, the crash could result in Denial of Service (DoS) for the target application. In addition, likely due to how Microsoft Access handles recent files, file recovery, and file repair, it is possible the issue could result in a persistent DoS attack, where the application will continue to crash, even after reboot by the target.
ExceptionAddress: 00007ffb0d66a7dd (mso20win32client!CrashWithRecovery+0x000000000000004d) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000NumberParameters: 2 Parameter[0]: 0000000000000001 Parameter[1]: 0000000000000000Attempt to write to address 0000000000000000Child-SP RetAddr : Args to Child : Call Site00000046`098f0220 00007ffb`0d8a8ad6 : 000001ef`01483052 00000000`00000000 00007ffb`0dc4af90 00000046`098f03b8 : mso20win32client!CrashWithRecovery+0x4d00000046`098f0280 00007ffb`d1921ee9 : 00000000`00000016 000001ef`8edb9b78 00000000`00000000 00000000`00000016 : mso20win32client!EnableAbortRedirectLiblet::Uninit+0x9300000046`098f02f0 00007ffb`d1905011 : 000001ef`8edbbb01 000001ef`00000000 00000000`00000000 00000046`098f03a0 : ucrtbase!raise+0x1d900000046`098f0370 00007ff7`4c2acb5a : 00000000`00000003 00000000`00000003 ffffffff`fffffffe 000001ef`85148ff0 : ucrtbase!abort+0x3100000046`098f03a0 00007ffb`d1921f37 : 000001ef`8edbbb78 000001ef`8edb9b78 00000000`00000083 000001ef`8edb9b78 : msaccess!SetEnumIntlView+0x202a00000046`098f03d0 00007ff7`4c306371 : 000001ef`8edbbb78 00000000`fffffffd 00007ffb`0dc4af90 01010101`01010101 : ucrtbase!terminate+0x1700000046`098f0400 00007ff7`4c3087b2 : 000001ef`8edbbb78 00000000`00000000 00000000`00000083 000001ef`8edb9b78 : msaccess!SizeCallback+0x50f5100000046`098f0430 00007ff7`4c5dca90 : 00000046`098f04d8 000001ef`d3453860 00000000`00000083 00000000`0000fa46 : msaccess!SizeCallback+0x5339200000046`098f0490 00007ff7`4c5dcb40 : 000001ef`8edaf778 00000046`098f1398 00000046`098f1398 00000000`0000fe9f : msaccess!AccessLoadString+0x25ce000000046`098f1350 00007ff7`4c5dcb40 : 000001ef`f3c30ff0 00000046`098f2258 00000046`098f2258 00000000`0000feea : msaccess!AccessLoadString+0x25d9000000046`098f2210 00007ff7`4c5dcb40 : 000001ef`8ed89868 00000046`098f3118 00000046`098f3118 00000000`00000000 : msaccess!AccessLoadString+0x25d9000000046`098f30d0 00007ff7`4c5dcb40 : 000001ef`d9950ff0 00000046`098f3fd8 00000046`098f3fd8 00000000`00000000 : msaccess!AccessLoadString+0x25d9000000046`098f3f90 00007ff7`4c5e3f86 : 000001ef`a92c1f70 00000000`0000000c 00000046`098f6fc0 00000000`00000001 : msaccess!AccessLoadString+0x25d9000000046`098f4e50 00007ff7`4c5e340d : 00000000`00000000 00000000`00000000 00000046`098f77d0 00000000`00000001 : msaccess!AccessLoadString+0x2d1d600000046`098f5610 00007ff7`4c5dba62 : 00000000`00020102 000001ef`d3453860 00000000`00008000 00000000`00000000 : msaccess!AccessLoadString+0x2c65d00000046`098f6f10 00007ff7`4c390d0e : 00000000`00000000 01c10369`cf3f3500 01c10369`9c468040 00000000`00000000 : msaccess!AccessLoadString+0x24cb200000046`098f7330 00007ff7`4c3cfce5 : 006f0073`006f0072 004a002e`00740066 004e002e`00740065 00760069`00740061 : msaccess!SizeCallback+0xdb8ee00000046`098f7520 00007ff7`4c15c508 : 000001ef`d3453860 00007ff7`4c8ffde7 00000000`00000003 00000046`00000000 : msaccess!WizChooseColor+0x3d5f500000046`098f7590 00007ff7`4c94a899 : 00000000`00000000 00000000`00008000 00000046`098f7bf9 000001ef`d3453860 : msaccess!JETESLoadProjectTypeLib+0xaa40800000046`098f75e0 00007ff7`4c5220b5 : 00000046`098f7a98 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!OpenHscrEmbedded+0x9e82900000046`098f7a40 00007ff7`4c0ad380 : 000001ef`e0cb4ec0 00000046`098f7c00 00007ffb`d19988c0 00000046`098f7c00 : msaccess!MSAU_GetSizeList+0x271500000046`098f7b90 00007ff7`4c0ac7c0 : 00000000`00000000 00000000`00000000 000001ef`e0cb4ec0 00000000`00000000 : msaccess!ReleaseAccessIconResource+0x32e8000000046`098f7c60 00007ff7`4c925b5a : 000001ef`e0cb4f18 00000000`00000000 000001ef`e0cb4ec0 00000000`00000000 : msaccess!ReleaseAccessIconResource+0x322c000000046`098f7f60 00007ff7`4c0b0a7e : 000001ef`b4d2ad70 00000046`098f8660 000001ef`b4d2ad70 00000000`00000000 : msaccess!OpenHscrEmbedded+0x79aea00000046`098f8120 00007ff7`4c0a1de6 : 00000046`098f82d0 00000046`098f8408 000001ef`cdd48f70 00000046`098f8408 : msaccess!ReleaseAccessIconResource+0x3657e00000046`098f8270 00007ff7`4c246d2e : 00000046`098f8660 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!ReleaseAccessIconResource+0x278e600000046`098f8390 00007ff7`4c242e71 : 00000046`098fc230 00000000`00000000 00007ffb`d3b40000 00000046`098fdb70 : msaccess!MSAU_ErrSortStringArray+0x345ce00000046`098fc1d0 00007ff7`4c23cbab : 00000000`00000105 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!MSAU_ErrSortStringArray+0x3071100000046`098fda80 00007ff7`4c24374a : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : msaccess!MSAU_ErrSortStringArray+0x2a44b00000046`098ff160 00007ff7`4c50030b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!MSAU_ErrSortStringArray+0x30fea00000046`098ff680 00007ff7`4c50140e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!GetAccessIntellisenseManager+0x5c8cb00000046`098ff820 00007ff7`4c072612 : 00000000`0000000a 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!GetAccessIntellisenseManager+0x5d9ce00000046`098ff900 00007ffb`d27bdbe7 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msaccess!Ordinal59+0x1261200000046`098ff940 00007ffb`d3c1fbec : 00000000`00000000 00000000`00000000 000004f0`fffffb30 000004d0`fffffb30 : KERNEL32!BaseThreadInitThunk+0x1700000046`098ff970 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x2c